CVE-2025-57796
BaseFortify
Publication date: 2026-01-28
Last updated on: 2026-02-05
Assigner: Mandiant Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| explorance | blue | to 8.14.12 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. Because the encryption key is static and hardcoded, an attacker who obtains the encrypted data can decrypt it offline, exposing sensitive information.
How can this vulnerability impact me? :
This vulnerability can lead to exposure of sensitive data such as user passwords and system configurations if an attacker obtains the encrypted data. Since the encryption is reversible with a hardcoded key, the attacker can decrypt the data offline, potentially compromising user accounts and system security.